mirror of
git://git.code.sf.net/p/xtables-addons/xtables-addons
synced 2025-09-21 20:14:56 +02:00
fa1348455d
Honeypot mode attempts to maintain a normal connection for the purpose of capturing payload packets. Reset mode provides the ability to send a reset packet in lieu of using the DROP or REJECT targets.
23 lines
1.1 KiB
Plaintext
23 lines
1.1 KiB
Plaintext
config NETFILTER_XT_TARGET_TARPIT
|
|
tristate '"TARPIT" target support'
|
|
depends on NETFILTER_XTABLES
|
|
---help---
|
|
Adds a TARPIT target to iptables, which captures and holds incoming TCP
|
|
connections using no local per-connection resources. Connections are
|
|
accepted, but immediately switched to the persist state (0 byte
|
|
window), in which the remote side stops sending data and asks to
|
|
continue every 60-240 seconds. Attempts to close the connection are
|
|
ignored, forcing the remote side to time out the connection in 12-24
|
|
minutes.
|
|
|
|
This offers similar functionality to LaBrea
|
|
<http://www.hackbusters.net/LaBrea/>, but does not require dedicated
|
|
hardware or IPs. Any TCP port that you would normally DROP or REJECT
|
|
can instead become a tar pit or honeypot. All 3 modes may be used
|
|
in iptables rules interchangably and simultaneously.
|
|
|
|
A honeypot option is available which will answer connections normally
|
|
and allow the remote to send data packets that may be captured in a
|
|
pcap for later analysis. A reset mode is also available that will only
|
|
send an inline reset (RST).
|